Day 16

Set Up A VPN

DAY 16: Set Up A VPN

Welcome to Day 16 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at snubsie.com, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on Youtube.

Today is all about VPNs: What they are, why you should use one, and which ones I like. VPN stands for virtual private network and it lets you get on the internet through an application or software that "tunnels" your data through a secure server. If a VPN is done right, it secures data from your computer to the VPN server in an encrypted fashion and could potentially hide what you're doing from your ISP or other agent.

Why would you want to use a VPN? Well, they can potentially help with security and privacy in tons of ways. First - if an attacker was on the same coffee shop WiFi as you, a VPN could encrypt your data while it's traveling through that wireless router, so the attacker would only see a bunch of garbled text. If you live in a dorm and have to deal with some censorship of your web traffic, a VPN could help you evade that and get to your favorite sites (this would've been handy for me when I was working at a bank and trying to access the Hak5 forums, which were blocked. I realize that makes me look like a bad employee but I work for myself now so whatevs). If your ISP, say Comcast, AT&T, etc, snoops on your data, a VPN will encrypt that traffic so they can't see what you're doing.

But wait! Is a VPN only for illegal activites?! Nope, absolute not. Here's an example: a few days ago I wanted to buy tickets for a museum in Japan. I couldn't buy tickets from America because the website blocked IP addresses from outside Japan, so I downloaded a VPN that made it look like I was living in Japan. That allowed me to purchase the tickets. Want to watch European Netflix but live in the US? A VPN could help with that too. Need to buy something from a European website that isn't available in the US? VPN.

VPNs can be a wonderful asset to anyone who wants more protection on wireless networks, wants more private browsing overall, or just wants the freedom to browse the web however you feel.

Since there are literally thousands of VPNs to choose from, it's hard to find one that is the perfect fit. I could name my preferred VPNs but they may not work for your specific needs. You should choose what feels right for you - not what someone on the internet tells you to use. But, I can give you some pointers on how to choose one.

First off: Assume that free VPNs are not always actually free. What I mean is that these free VPNs have to make their money in some way shape or form so they're probably selling your data to a third party and not encrypting it in a secure way or they're going to serve up ads constantly which could get annoying. They may also limit how much data you can use before it is shut down for the month. I tend to steer clear of free VPNs unless I use an open source set-it-up-yourself OpenVPN, which is always a possibility. Since this isn't a 30 day security challenge for folks already using everything I'm talking about, I'm gonna skip the OpenVPN set it up yourself option and go straight to the more convenient plug-n-play apps instead. Each of the ones I use cost a bit of money but they also offer better security and enough convenience to not put a damper on regular browsing.

Generally when shopping for a VPN, look for one that is cross platform (so you can use it on both your computer and your phone), and one that is clear about pricing for multiple devices (some offer the same price for up to 5 machines for example). Also, if you wanna buy tickets from a museum in Japan, for example, check their site and make sure they have an exit node or VPN location for the country you need it for. In my case, I needed a Japan exit location. Research their logging policies. You are putting your browsing into the hand of a third party, so what do they log? Anything? Times you're using the VPN? Websites you're visiting? Login, credit card, location, address data?

Why would you NOT want to use a VPN? A VPN service needs to be trustworthy, and some go out of their way to log your data. This is why I stick with one or two options that cost some money and have a clear data retention policy. VPNs can slow down your traffic. If you have decent speeds already, you may not notice but a slight decrease.

My favs? I like sticking a user configured VPN on OpenVPN Connect and browsing through that - but creating your own can get complicated. So for quick and easy options I stick with Private Internet Access VPN https://www.privateinternetaccess.com/ which costs a bit of money but allows me to use multiple devices, tons of exit nodes, and has detailed privacy options to choose from. This one can be a little complicated to setup, especially since you don't set a username, it generates one for you, but once setup you just click connect to get on your VPN. But the mobile app is painless and has a giant status button that you can switch on at any time. My other fav is https://www.tunnelbear.com/ which costs more than PIA VPN but is also more convenient. This one doesn't have the detailed security settings which could be a good thing if you get overwhelmed with choice, but they've also become the first consumer VPN that's went through a public security audit which is a big positive. These can be set up to automatically connect to the VPN upon start up, so I'm never browsing without my VPN tunnel turned on. That's a security plus!

Obviously there are tons of other VPNs out there so choosing which one is best for you will be a personal choice, so I won't go as far as to say "the ones I use are perfect for you! Use those!" Make your own choice on a VPN, but first and foremost make sure to do research on the one you choose.

Day 16 is now complete! Tomorrow is all about cleaning up your friends lists. Yup, you heard right! But first, make sure to subscribe on youtube and hit up snubsie.com for the downloadable checklist and to skip ahead on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 17!